3 files changed, 13 insertions, 4 deletions

diff --git a/ChangeLog b/ChangeLog
index e2989c425..f65b751d4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,9 @@
    - djm@cvs.openbsd.org 2003/05/26 12:54:40
      [sshconnect.c]
      fix format strings; ok markus@
+   - deraadt@cvs.openbsd.org 2003/05/29 16:58:45
+     [sshd.c uidswap.c]
+     seteuid and setegid; markus ok
 
 20030530
  - (dtucker) Add missing semicolon in md5crypt.c, patch from openssh at
@@ -1638,4 +1641,4 @@
      save auth method before monitor_reset_key_state(); bugzilla bug #284;
      ok provos@
 
-$Id: ChangeLog,v 1.2761 2003/06/02 09:09:13 djm Exp $
+$Id: ChangeLog,v 1.2762 2003/06/02 09:09:48 djm Exp $
diff --git a/sshd.c b/sshd.c
index 8226d9578..e73135c7b 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.266 2003/05/24 09:30:40 djm Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.267 2003/05/29 16:58:45 deraadt Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -564,8 +564,10 @@ privsep_preauth_child(void)
         do_setusercontext(pw);
 #else
         gidset[0] = pw->pw_gid;
+        if (setegid(pw->pw_gid) < 0)
+                fatal("setegid failed for %u", (u_int)pw->pw_gid);
         if (setgid(pw->pw_gid) < 0)
-                fatal("setgid failed for %u", (u_int)pw->pw_gid );
+                fatal("setgid failed for %u", (u_int)pw->pw_gid);
         if (setgroups(1, gidset) < 0)
                 fatal("setgroups: %.100s", strerror(errno));
         permanently_set_uid(pw);
diff --git a/uidswap.c b/uidswap.c
index 86c61a4b0..db6253259 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: uidswap.c,v 1.23 2002/07/15 17:15:31 stevesk Exp $");
+RCSID("$OpenBSD: uidswap.c,v 1.24 2003/05/29 16:58:45 deraadt Exp $");
 
 #include "log.h"
 #include "uidswap.h"
@@ -147,8 +147,12 @@ permanently_set_uid(struct passwd *pw)
                 fatal("permanently_set_uid: temporarily_use_uid effective");
         debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
             (u_int)pw->pw_gid);
+        if (setegid(pw->pw_gid) < 0)
+                fatal("setegid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
         if (setgid(pw->pw_gid) < 0)
                 fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
+        if (seteuid(pw->pw_uid) < 0)
+                fatal("seteuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
         if (setuid(pw->pw_uid) < 0)
                 fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
 }